site to site routing through VPN

Discussion in 'Windows Networking' started by Scott Taylor, May 12, 2004.

  1. Scott Taylor

    Scott Taylor Guest

    Hello All!
    I've got a server to server VPN set-up for routing
    between two sites. Site 1 is NT 4 domain. Site 2 is 2k3
    sbs. they are separate domains. site 1 domain a; site 2
    domain b.

    I can get the servers connected via vpn. using defined
    interfaces. I've added the routes for the networks in
    each routing table. I can ping from router in site 1 to
    all systems in site 2 and vice versa. But I can't ping
    from any workstation in either site across the servers to
    the other site, workstation in site 1 can't ping router
    or workstations or servers in site 2 and vice versa.

    Thus I can't connect to apps or check email either.
    anyone got any ideas?

    Cheers and ty in advance!
     
    Scott Taylor, May 12, 2004
    #1

  2. Scott Taylor

    Bill Grant Guest

    Ping from server to server is easy - they are joined by a point-to-point
    link! To get from client to client requires the routing to be working.

    How did you add the routes? Are they linked to the demand-dial
    interfaces?

    Check that the VPN actually binds to both dd interfaces.
    Check that the subnet routes are added to the routing table at both
    ends, using the VPN endpoint as the interface.
    Check that the clients at both ends use the VPN router as their default
    gateway.
     
    Bill Grant, May 13, 2004
    #2

  3. Phillip Windell, May 13, 2004
    #3
  4. Scott Taylor

    Guest Guest

    Thanks for the response Bill.

    I added the routes through the routing and remote access
    admin, static routes. The default gateway is the servers
    in both cases. Could you elaborate on how to look into
    these issues here. I'm not sure what you mean or where to
    look:

    "Are they linked to the demand-dial
    do you mean the interface I created? If so I added the
    route when I installed the interface and the route uses
    the interface as its gateway.
    interfaces.
    How do I check this?
    Could you elaborate here? Not sure what you mean.

    I also wanted to add... there is not a trust between the
    two domains yet. Would this cause me to not be able to
    ping? Second the 2k3 server is not multi homed, is there
    perhaps an issue with this? I think I may have read
    something about issues with not being multi homed and
    rras. Any ideas?

    Cheers! and thanks for the response.
     
    Guest, May 13, 2004
    #4
  5. Scott Taylor

    Scott Taylor Guest

    Thanks Phillip, I'm printing out the article now.
    I set it up as I've done in the past creating steelhead
    servers. That could be where I'm going wrong. I'm new to
    2k3 and 2k for that matter.
     
    Scott Taylor, May 13, 2004
    #5
  6. Scott Taylor

    scott taylor Guest

    Resolved!

    Thanks Bill and Phillip.
    The issue was the interfaces were not connecting to the
    proper interface on the remote site. Thus authenticating
    as a regular vpn user ='ing no routing.

    for it to work correctly the username has to match the vpn
    interface name.

    interface name: vpn_site1
    user name: vpn_site1

    if doing 2 way this must be done on each box.
    2nd box:
    interface name: vpn_site2
    user name: vpn_site2

    site1 connection credentials set to use the user name:
    vpn_site2

    and site2 connection credentials set to use the user name:
    vpn_site1

    Hope that helps someone else. Cheers all!
     
    scott taylor, May 13, 2004
    #6
  7. Scott Taylor

    Bill Grant Guest

    Yep, that's it. If the username doesn't match the interface name, you
    just connect as a normal "client-server" user, not a router. The dd
    interface isn't bound to the connection and the route isn't added to the
    routing table.

    It works this way because, if you have multiple connections, each one
    must connect to the correct interface to set up the correct return route for
    the "calling" site.
     
    Bill Grant, May 14, 2004
    #7
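
The matching rule described in posts #6 and #7, as an added example that is not part of the original thread: a small Python model of how the answering router classifies an incoming call and whether the return route exists. The `Router` fields, the subnets and the account name `remoteuser` are constructed for illustration; only the names `vpn_site1` and `vpn_site2` come from the thread.

```python
from dataclasses import dataclass, field

@dataclass
class Router:
    # Toy model of one RRAS box; field names are assumptions for this example.
    name: str
    lan: str                                       # subnet behind this router
    dd_routes: dict = field(default_factory=dict)  # demand-dial interface -> remote subnet
    dial_out: dict = field(default_factory=dict)   # demand-dial interface -> username sent to peer

def answer_call(answerer, username):
    """Classify an incoming connection by the rule described in the thread."""
    if username in answerer.dd_routes:
        # Username equals a demand-dial interface name: the connection binds
        # to that interface and its static route becomes usable.
        return ("router", answerer.dd_routes[username])
    # No matching interface: treated as an ordinary remote access client.
    return ("client", None)

def check_pair(a, b):
    """Return findings for a two-way link; an empty list means both directions route."""
    findings = []
    for caller, answerer in ((a, b), (b, a)):
        for ifname, user in caller.dial_out.items():
            role, route = answer_call(answerer, user)
            if role == "client":
                findings.append(f"{caller.name}/{ifname}: '{user}' matches no demand-dial "
                                f"interface on {answerer.name}; no return route to {caller.lan}")
            elif route != caller.lan:
                findings.append(f"{caller.name}/{ifname}: '{user}' binds on {answerer.name} "
                                f"but its route is {route}, not {caller.lan}")
    return findings

# Constructed sample data: subnets and the account name 'remoteuser' are made up.
def make_sites(site1_user, site2_user):
    site1 = Router("site1", "192.168.1.0/24", {"vpn_site1": "192.168.2.0/24"},
                   {"vpn_site1": site1_user})
    site2 = Router("site2", "192.168.2.0/24", {"vpn_site2": "192.168.1.0/24"},
                   {"vpn_site2": site2_user})
    return site1, site2

if __name__ == "__main__":
    print(check_pair(*make_sites("vpn_site2", "vpn_site1")))  # setup from post #6
    for line in check_pair(*make_sites("remoteuser", "vpn_site1")):
        print(line)
```
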